unwanted sites opening up by itself___help needed

Amar · April 29, 2012

Hi

My laptop got infected with the malware or adware. My IE automatically opens up and get redirected to some unwanted sites. I downloaded the microsoft security essential and scanned. the scan result was showing trojan named "alureon.fp" it and WSE removes it. but when i reboot the computer it doesnt start and ask to repair the launch which in turns take the computer to last restore point. But after all this the virus remains in the computer.

Please can anybody help me on this.

my MBAM doesnt scan any virus...

Elise · April 30, 2012

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
[*]Double click on the DDS icon, allow it to run.
[*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.
[*]Notepad will open with the results.
[*]Follow the instructions that pop up for posting the results.
[*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Amar · April 30, 2012

thanx for your reply.....

here is the log

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6001.18000

Run by poonam at 17:24:45 on 2012-04-30

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4060.2558 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\agr64svc.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\TOSHIBA\rselect\RSelSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\ThpSrv.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\SysWOW64\svchost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Internet Explorer\IEUser.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\conime.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.toshiba.ca/welcome

mStart Page = hxxp://ca.yahoo.com

mDefault_Page_URL = hxxp://ca.yahoo.com

uInternet Settings,ProxyServer = http=127.0.0.1:59778

mWinlogon: Userinit=userinit.exe,

uWindows: Load=C:\Users\poonam\LOCALS~1\Temp\mshvhiasp.pif

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

mRun: [sVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

mRun: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"

mRun: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"

mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 64.71.255.198

TCP: Interfaces\{26BDD626-685A-46C8-A42B-28DE28EF1008} : DhcpNameServer = 64.71.255.198

TCP: Interfaces\{9B045392-23DF-4A8E-AFEB-935BC70F4794} : DhcpNameServer = 64.71.255.198

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

mRun-x64: [sVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL

mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun-x64: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

mRun-x64: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"

mRun-x64: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"

mRun-x64: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-8-7 20544]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]

R2 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-8-7 62776]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]

R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]

R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 enecirhid;ENE CIR HID Receiver;C:\Windows\system32\DRIVERS\enecirhid.sys --> C:\Windows\system32\DRIVERS\enecirhid.sys [?]

R3 enecirhidma;ENE CIR HIDmini Filter;C:\Windows\system32\DRIVERS\enecirhidma.sys --> C:\Windows\system32\DRIVERS\enecirhidma.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-11-10 93184]

.

=============== Created Last 30 ================

.

2012-04-29 01:09:19 -------- d-----w- C:\sh4ldr

2012-04-29 01:09:19 -------- d-----w- C:\Program Files\Enigma Software Group

2012-04-29 01:07:50 -------- d-----w- C:\Users\poonam\AppData\Roaming\SpeedyPC Software

2012-04-29 01:07:50 -------- d-----w- C:\Users\poonam\AppData\Roaming\DriverCure

2012-04-29 01:07:43 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-04-28 12:17:35 -------- d-----w- C:\Users\poonam\AppData\Roaming\SUPERAntiSpyware.com

2012-04-28 04:08:33 -------- d-----w- C:\63e30347fc58305ca24aabea

2012-04-27 15:31:57 -------- d-----w- C:\998e974eb56b51bfc812

2012-04-27 14:07:09 87552 ----a-w- C:\ProgramData\dlFnlr5v.exe

2012-04-27 13:57:04 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-04-27 13:55:52 -------- d-----we C:\Windows\system64

2012-04-24 23:14:29 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C23145A1-5CCA-405D-A632-BA6005F2F3C4}\mpengine.dll

2012-04-23 13:39:39 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec

2012-04-13 21:59:33 -------- d-----w- C:\Users\poonam\AppData\Roaming\gizza

.

==================== Find3M ====================

.

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-23 14:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe

2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

.

============= FINISH: 17:27:54.22 ===============

Elise · May 1, 2012

Hi,

Unfortunately you have a nasty rootkit on your computer. Before starting to fix it, please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Amar · May 1, 2012

Here is the COMBOFIX log

ComboFix 12-05-01.01 - poonam 01/05/2012 7:50.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4060.1987 [GMT -4:00]

Running from: c:\users\poonam\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\2a88372pk28

c:\programdata\dlFnlr5v.exe

c:\programdata\Roaming

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\chrome.manifest

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\chrome\content\_cfg.js

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\chrome\content\overlay.xul

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\install.rdf

c:\users\poonam\AppData\Local\2a88372pk28

c:\users\poonam\AppData\Local\cfhk.exe

c:\users\poonam\AppData\Local\cyiv.exe

c:\users\poonam\AppData\Local\dxuc.exe

c:\users\poonam\AppData\Local\fjda.exe

c:\users\poonam\AppData\Local\flft.exe

c:\users\poonam\AppData\Local\fvjo.exe

c:\users\poonam\AppData\Local\lkxe.exe

c:\users\poonam\AppData\Local\mcax.exe

c:\users\poonam\AppData\Local\obri.exe

c:\users\poonam\AppData\Local\schy.exe

c:\users\poonam\AppData\Local\sndb.exe

c:\users\poonam\AppData\Local\tpau.exe

c:\users\poonam\AppData\Roaming\1C92.9C7

c:\users\poonam\Taskmgr.exe

c:\users\poonam\wevtapi.dll

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\consrv.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\System64

c:\windows\Tasks\At1.job

.

c:\windows\SysWow64\userinit.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))

Elise · May 1, 2012

Was that the complete log?

Amar · May 1, 2012

yes that was it....

Elise · May 1, 2012

Sorry about the capslock in my previous post, I fixed it.

Can you rerun combofix once more and post the new log? Wait until the log pops up.

Amar · May 1, 2012

i run the combofix...it scans to stage 50 ,delete files and reboots thrcomputer. but after rebooting it doesnt produce log...

Elise · May 1, 2012

Can you manually verify if the log was created at c:\combofix.txt?

Also, how is your computer behaving at this point?

Amar · May 2, 2012

did search but coudnt find the combofix.txt anywhere on the computer......the computer is functioning ok except ocassionally sometime these unwanted sites pop-up....

Amar · May 2, 2012

i found a log for combofix hidden in qoobox directory.....

ComboFix 12-05-01.01 - poonam 01/05/2012 7:50.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4060.1987 [GMT -4:00]

Running from: c:\users\poonam\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\2a88372pk28

c:\programdata\dlFnlr5v.exe

c:\programdata\Roaming

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\chrome.manifest

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\chrome\content\_cfg.js

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\chrome\content\overlay.xul

c:\users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}\install.rdf

c:\users\poonam\AppData\Local\2a88372pk28

c:\users\poonam\AppData\Local\cfhk.exe

c:\users\poonam\AppData\Local\cyiv.exe

c:\users\poonam\AppData\Local\dxuc.exe

c:\users\poonam\AppData\Local\fjda.exe

c:\users\poonam\AppData\Local\flft.exe

c:\users\poonam\AppData\Local\fvjo.exe

c:\users\poonam\AppData\Local\lkxe.exe

c:\users\poonam\AppData\Local\mcax.exe

c:\users\poonam\AppData\Local\obri.exe

c:\users\poonam\AppData\Local\schy.exe

c:\users\poonam\AppData\Local\sndb.exe

c:\users\poonam\AppData\Local\tpau.exe

c:\users\poonam\AppData\Roaming\1C92.9C7

c:\users\poonam\Taskmgr.exe

c:\users\poonam\wevtapi.dll

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\consrv.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\System64

c:\windows\Tasks\At1.job

.

c:\windows\SysWow64\userinit.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))

.

2012-05-01 12:39 . 2012-05-01 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-29 01:09 . 2012-04-29 02:39 -------- d-----w- C:\sh4ldr

2012-04-29 01:09 . 2012-04-29 01:09 -------- d-----w- c:\program files\Enigma Software Group

2012-04-29 01:07 . 2012-04-29 01:07 -------- d-----w- c:\users\poonam\AppData\Roaming\SpeedyPC Software

2012-04-29 01:07 . 2012-04-29 01:07 -------- d-----w- c:\users\poonam\AppData\Roaming\DriverCure

2012-04-29 01:07 . 2012-04-29 02:39 -------- d-----w- c:\programdata\SpeedyPC Software

2012-04-28 12:17 . 2012-04-28 12:17 -------- d-----w- c:\users\poonam\AppData\Roaming\SUPERAntiSpyware.com

2012-04-28 04:08 . 2012-04-29 07:41 -------- d-----w- C:\63e30347fc58305ca24aabea

2012-04-27 15:31 . 2012-04-29 07:41 -------- d-----w- C:\998e974eb56b51bfc812

2012-04-24 23:14 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C23145A1-5CCA-405D-A632-BA6005F2F3C4}\mpengine.dll

2012-04-23 13:39 . 2012-04-29 07:41 -------- d-----w- c:\program files (x86)\Common Files\SourceTec

2012-04-13 21:59 . 2012-04-13 22:00 -------- d-----w- c:\users\poonam\AppData\Roaming\gizza

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2011-01-19 23:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-23 14:18 . 2010-11-06 07:56 279656 ----a-w- c:\windows\system32\MpSigStub.exe

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 422400]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]

"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-27 701752]

"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-13 299008]

"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\explorer.exe,"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-31 7574048]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-31 1833504]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-09-25 195112]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1123840]

"combofix"="c:\combofix\CF27411.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

nv4

mksupdateint

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ca.yahoo.com

mLocal Page = %SystemRoot%\system32\blank.htm

uInternet Settings,ProxyServer = http=127.0.0.1:59778

LSP: mswsock.dll

TCP: DhcpNameServer = 64.71.255.198

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Wow6432Node-HKCU-Run-Search Protection - c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe

Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

HKLM-Run-TPCHWMsg - c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000020

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\program files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

c:\program files (x86)\Internet Explorer\IEUser.exe

c:\windows\SysWOW64\ping.exe

.

**************************************************************************

.

Completion time: 2012-05-01 08:53:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-01 12:53

.

Pre-Run: 263,177,035,776 bytes free

Post-Run: 263,473,197,056 bytes free

.

- - End Of File - - B15617D45CE850D27663C761C4A1BA7B

Elise · May 2, 2012

That looks still infected, so lets run another scan to see if we can identify all problems and fix them with a script.

OTL

-----

Please download OTL from one of the following mirrors:

- This is THE Mirror

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the button.

[*]Two reports will open, copy and paste them in a reply here:

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Amar · May 2, 2012

here is the OTL.TXT

OTL logfile created on: 02/05/2012 7:28:02 AM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\poonam\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 70.19% Memory free

8.10 Gb Paging File | 6.82 Gb Available in Paging File | 84.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 349.79 Gb Total Space | 247.89 Gb Free Space | 70.87% Space Free | Partition Type: NTFS

Drive E: | 9.95 Gb Total Space | 9.87 Gb Free Space | 99.21% Space Free | Partition Type: NTFS

Drive F: | 1.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: POONAM-PC | User Name: poonam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 07:27:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\poonam\Desktop\OTL.exe

PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

PRC - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

========== Modules (No Company Name) ==========

MOD - [2008/01/20 22:48:39 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/22 01:07:16 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/04/14 20:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/04/09 22:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/03/17 14:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/03/06 21:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)

SRV:64bit: - [2008/10/16 21:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2008/10/16 20:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2008/08/22 13:26:52 | 000,535,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2008/01/20 22:50:24 | 000,006,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\RAPIProtocol.dll -- (nv4)

SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)

SRV - [2009/04/01 21:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009/01/30 15:54:20 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009/04/22 02:30:46 | 005,356,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/04/08 19:36:40 | 000,138,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2009/03/25 20:23:26 | 000,035,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2009/03/23 19:48:20 | 000,014,472 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/03/20 19:37:40 | 000,266,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)

DRV:64bit: - [2009/02/11 20:26:18 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/01/27 22:12:14 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2008/12/30 15:18:40 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/11/17 10:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®

DRV:64bit: - [2008/11/11 21:30:12 | 000,189,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2008/04/29 04:56:00 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)

DRV:64bit: - [2008/04/25 12:16:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)

DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2007/09/04 13:29:04 | 000,014,872 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)

DRV - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\LPCFilter.sys -- (LPCFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC

IE - HKU\.DEFAULT\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC

IE - HKU\S-1-5-18\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59778

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/01 12:28:56 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{990DFFA1-4968-40C5-B48D-032CCA601C9D}: C:\Users\poonam\AppData\Local\{990DFFA1-4968-40C5-B48D-032CCA601C9D}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: YouTube = C:\Users\poonam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\poonam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\poonam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\poonam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF28003.3XE (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe ()

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found

O4 - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4:64bit: - HKLM..\RunOnce: [combofix] C:\ComboFix\CF28003.3XE (Microsoft Corporation)

O4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3433915242-1357775413-2331449275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26BDD626-685A-46C8-A42B-28DE28EF1008}: DhcpNameServer = 64.71.255.198

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B045392-23DF-4A8E-AFEB-935BC70F4794}: DhcpNameServer = 64.71.255.198

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\poonam\Desktop\New Folder\New Folder (3)\14122010006.JPG

O24 - Desktop BackupWallPaper: C:\Users\poonam\Desktop\New Folder\New Folder (3)\14122010006.JPG

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 07:27:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\poonam\Desktop\OTL.exe

[2012/05/01 13:31:32 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/05/01 13:31:32 | 000,000,000 | ---D | C] -- C:\Users\poonam\AppData\Local\temp

[2012/05/01 13:24:09 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/05/01 13:00:55 | 004,480,463 | R--- | C] (Swearware) -- C:\Users\poonam\Desktop\ComboFix.exe

[2012/05/01 09:26:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/01 07:46:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/01 07:46:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/01 07:46:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/01 07:46:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/01 07:46:40 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/30 17:24:45 | 000,000,000 | R--D | C] -- C:\Users\poonam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/04/28 21:09:19 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2012/04/28 21:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/04/28 21:07:50 | 000,000,000 | ---D | C] -- C:\Users\poonam\AppData\Roaming\SpeedyPC Software

[2012/04/28 21:07:50 | 000,000,000 | ---D | C] -- C:\Users\poonam\AppData\Roaming\DriverCure

[2012/04/28 21:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2012/04/28 08:17:35 | 000,000,000 | ---D | C] -- C:\Users\poonam\AppData\Roaming\SUPERAntiSpyware.com

[2012/04/28 00:08:33 | 000,000,000 | ---D | C] -- C:\63e30347fc58305ca24aabea

[2012/04/27 11:31:57 | 000,000,000 | ---D | C] -- C:\998e974eb56b51bfc812

[2012/04/23 09:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec

[2012/04/13 17:59:33 | 000,000,000 | ---D | C] -- C:\Users\poonam\AppData\Roaming\gizza

========== Files - Modified Within 30 Days ==========

[2012/05/02 07:27:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\poonam\Desktop\OTL.exe

[2012/05/02 07:23:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/01 22:30:01 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/01 22:30:01 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/01 22:30:01 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/01 22:27:55 | 000,000,104 | ---- | M] () -- C:\Users\poonam\Desktop\Network - Shortcut.lnk

[2012/05/01 22:27:53 | 000,000,104 | ---- | M] () -- C:\Users\poonam\Desktop\Computer.lnk

[2012/05/01 22:27:31 | 000,000,104 | ---- | M] () -- C:\Users\poonam\Desktop\Recycle Bin.lnk

[2012/05/01 22:22:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 22:22:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 22:22:39 | 4258,131,968 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/01 22:05:48 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At48.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At47.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At46.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At45.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At44.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At43.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At42.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At41.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At40.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At39.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At38.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At37.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At36.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At35.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At34.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At33.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At32.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At31.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At30.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At29.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At28.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At27.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At26.job

[2012/05/01 22:03:20 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job

[2012/05/01 22:03:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job

[2012/05/01 21:34:02 | 000,087,552 | ---- | M] () -- C:\ProgramData\dlFnlr5v.exe_

[2012/05/01 21:34:02 | 000,087,552 | ---- | M] () -- C:\ProgramData\dlFnlr5v.exe

[2012/05/01 13:01:02 | 004,480,463 | R--- | M] (Swearware) -- C:\Users\poonam\Desktop\ComboFix.exe

[2012/04/29 22:23:19 | 000,007,728 | ---- | M] () -- C:\Users\poonam\AppData\Local\d3d9caps.dat

[2012/04/28 00:09:15 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock

[2012/04/25 21:34:23 | 000,000,104 | ---- | M] () -- C:\Users\poonam\Application Data\Microsoft\Internet Explorer\Quick Launch\internet explorer - Shortcut.lnk

[2012/04/25 20:13:59 | 520,916,520 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/04/21 17:28:54 | 216,854,340 | ---- | M] () -- C:\Users\poonam\Desktop\Anarkali disco chali.mp4

[2012/04/17 10:02:25 | 000,166,075 | ---- | M] () -- C:\Users\poonam\Desktop\Amar___resume.pdf

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/01 22:27:55 | 000,000,104 | ---- | C] () -- C:\Users\poonam\Desktop\Network - Shortcut.lnk

[2012/05/01 22:27:53 | 000,000,104 | ---- | C] () -- C:\Users\poonam\Desktop\Computer.lnk

[2012/05/01 22:27:31 | 000,000,104 | ---- | C] () -- C:\Users\poonam\Desktop\Recycle Bin.lnk

[2012/05/01 22:22:39 | 4258,131,968 | -HS- | C] () -- C:\hiberfil.sys

[2012/05/01 21:34:13 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At48.job

[2012/05/01 21:34:13 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At47.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At46.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At45.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At44.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At43.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At42.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At41.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At40.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At39.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At38.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At37.job

[2012/05/01 21:34:12 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At36.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At35.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At34.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At33.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At32.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At31.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At30.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At29.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At28.job

[2012/05/01 21:34:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At27.job

[2012/05/01 21:34:10 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At26.job

[2012/05/01 21:34:10 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At25.job

[2012/05/01 21:34:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At24.job

[2012/05/01 21:34:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At23.job

[2012/05/01 21:34:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At22.job

[2012/05/01 21:34:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At21.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At20.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At19.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At18.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At17.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At16.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At15.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At14.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At13.job

[2012/05/01 21:34:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At12.job

[2012/05/01 21:34:08 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At9.job

[2012/05/01 21:34:08 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At11.job

[2012/05/01 21:34:08 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At10.job

[2012/05/01 21:34:07 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At8.job

[2012/05/01 21:34:07 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At7.job

[2012/05/01 21:34:07 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At6.job

[2012/05/01 21:34:06 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At5.job

[2012/05/01 21:34:06 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At4.job

[2012/05/01 21:34:05 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At3.job

[2012/05/01 21:34:04 | 000,087,552 | ---- | C] () -- C:\ProgramData\dlFnlr5v.exe_

[2012/05/01 21:34:04 | 000,087,552 | ---- | C] () -- C:\ProgramData\dlFnlr5v.exe

[2012/05/01 21:34:04 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At2.job

[2012/05/01 21:34:04 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job

[2012/05/01 14:04:30 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd

[2012/05/01 07:46:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/01 07:46:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/01 07:46:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/01 07:46:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/01 07:46:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/27 11:34:36 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock

[2012/04/25 21:34:23 | 000,000,104 | ---- | C] () -- C:\Users\poonam\Application Data\Microsoft\Internet Explorer\Quick Launch\internet explorer - Shortcut.lnk

[2012/04/21 17:28:48 | 216,854,340 | ---- | C] () -- C:\Users\poonam\Desktop\Anarkali disco chali.mp4

[2012/04/17 10:02:24 | 000,166,075 | ---- | C] () -- C:\Users\poonam\Desktop\Amar___resume.pdf

[2012/03/29 15:03:04 | 000,000,200 | -H-- | C] () -- C:\ProgramData\-AekvrhAyMcHrdXr

[2012/03/29 15:03:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-AekvrhAyMcHrdX

[2012/03/29 15:02:56 | 000,000,256 | -H-- | C] () -- C:\ProgramData\AekvrhAyMcHrdX

[2012/03/27 20:12:39 | 000,000,154 | ---- | C] () -- C:\Users\poonam\AppData\Local\svcxdcl32.dat

[2012/01/05 08:50:49 | 000,010,466 | -HS- | C] () -- C:\Users\poonam\AppData\Local\381nqh18a721nt30y6mjf6h348028t11o1276

[2012/01/05 08:50:49 | 000,010,466 | -HS- | C] () -- C:\ProgramData\381nqh18a721nt30y6mjf6h348028t11o1276

[2011/09/12 10:06:06 | 000,001,240 | -HS- | C] () -- C:\Users\poonam\AppData\Local\u1c1x8d031o

[2011/09/12 10:06:06 | 000,001,240 | -HS- | C] () -- C:\ProgramData\u1c1x8d031o

[2011/09/12 10:06:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\xtsr.exe

[2011/09/12 10:06:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\jypy.exe

[2011/09/12 10:06:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\jvbi.exe

[2011/09/12 10:06:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\fssa.exe

[2011/09/06 14:08:41 | 000,001,052 | -HS- | C] () -- C:\Users\poonam\AppData\Local\st5mjiwe2253sf74g5h62hreow2lt882m46770d101xu

[2011/09/06 14:08:41 | 000,001,052 | -HS- | C] () -- C:\ProgramData\st5mjiwe2253sf74g5h62hreow2lt882m46770d101xu

[2011/09/06 14:08:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\vrwp.exe

[2011/09/06 14:08:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\ljit.exe

[2011/09/06 14:08:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\keuj.exe

[2011/09/06 14:08:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\bvbw.exe

[2011/09/05 23:57:14 | 000,001,140 | -HS- | C] () -- C:\Users\poonam\AppData\Local\61n60771hrhp23tt0u7lw41450n15vsd5ygffc6hcx15

[2011/09/05 23:57:14 | 000,001,140 | -HS- | C] () -- C:\ProgramData\61n60771hrhp23tt0u7lw41450n15vsd5ygffc6hcx15

[2011/09/05 23:57:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\vxug.exe

[2011/09/05 23:57:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\pcoj.exe

[2011/09/05 23:57:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\hlah.exe

[2011/09/05 23:57:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\cftt.exe

[2011/02/19 13:59:29 | 000,007,728 | ---- | C] () -- C:\Users\poonam\AppData\Local\d3d9caps.dat

[2011/01/19 12:26:20 | 000,000,000 | ---- | C] () -- C:\Users\poonam\AppData\Local\Ltiboger.bin

[2011/01/19 12:26:19 | 000,000,120 | ---- | C] () -- C:\Users\poonam\AppData\Local\Xtejililunut.dat

[2010/11/10 11:04:17 | 000,010,240 | ---- | C] () -- C:\Users\poonam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

and here is EXTA.TXT

OTL Extras logfile created on: 02/05/2012 7:28:02 AM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\poonam\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 70.19% Memory free

8.10 Gb Paging File | 6.82 Gb Available in Paging File | 84.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 349.79 Gb Total Space | 247.89 Gb Free Space | 70.87% Space Free | Partition Type: NTFS

Drive E: | 9.95 Gb Total Space | 9.87 Gb Free Space | 99.21% Space Free | Partition Type: NTFS

Drive F: | 1.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: POONAM-PC | User Name: poonam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3433915242-1357775413-2331449275-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()

https [open] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{029B2D64-2D25-4FD7-90A8-EC5DC130AC72}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02301731-991A-4DE7-91EE-ABE1EFCFB54C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"{0CA54D79-5032-4485-9538-8755325E9F37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{151FEA91-53E1-4291-9BF6-B87857E500AC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{221D8DE5-0D72-4330-8984-18C88737D3EF}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"{34A7D72E-8E2C-4320-8AA9-980491BE5ECE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{44EC16DE-059A-497A-9979-3233BDF6C9EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{5FB728AF-7907-4AEA-AEBE-72CDD7670228}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{67CD4DED-B788-49E8-A776-5F613ED5C4C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{F8340E12-4A97-4F61-90C7-B1629A6CAA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"TCP Query User{4E9841F9-2623-4927-81C0-530D4B38A1F1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{A8C02DF7-087B-44F8-BF4D-E496D81670AE}C:\users\poonam\appdata\roaming\oxef\ywvuy.exe" = protocol=6 | dir=in | app=c:\users\poonam\appdata\roaming\oxef\ywvuy.exe |

"UDP Query User{AA39F4D3-1333-409E-909F-6945FB4A17B7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{D92E4099-8DB5-4CE9-89C2-054D818CA2C0}C:\users\poonam\appdata\roaming\oxef\ywvuy.exe" = protocol=17 | dir=in | app=c:\users\poonam\appdata\roaming\oxef\ywvuy.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{190A60F1-2FEE-0A11-7D37-D8607809CC39}" = ATI Catalyst Install Manager

"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center

"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software

"{5B7A62FB-E8EA-974A-DB49-4000AA3AE422}" = ccc-utility64

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager

"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime

"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91" = ENE CIR Receiver Driver

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 23

"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing

"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder

"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All

"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy

"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional

"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light

"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation

"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AE8FFD41-8BFC-47D3-829E-77D23BFF09FF}" = My TOSHIBA

"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian

"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian

"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility

"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree

"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek

"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager

"AC3Filter_is1" = AC3Filter 1.63b

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"DivX Setup" = DivX Setup

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FrostWire" = FrostWire 4.21.3

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager

"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility

"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"WildTangent toshiba Master Uninstall" = WildTangent Games

"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 13/03/2012 3:11:04 PM | Computer Name = poonam-PC | Source = WinMgmt | ID = 10

Description =

Error - 15/03/2012 3:20:46 AM | Computer Name = poonam-PC | Source = WinMgmt | ID = 10

Description =

Error - 16/03/2012 3:25:15 AM | Computer Name = poonam-PC | Source = WinMgmt | ID = 10

Description =

Error - 21/03/2012 2:08:47 PM | Computer Name = poonam-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 7.0.6001.18639 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 7a70 Start Time: 01cd078cf9fd6ea0 Termination Time: 0

Error - 29/03/2012 1:58:36 PM | Computer Name = poonam-PC | Source = System Restore | ID = 8193

Description =

Error - 29/03/2012 1:58:36 PM | Computer Name = poonam-PC | Source = System Restore | ID = 8210

Description =

Error - 29/03/2012 2:54:42 PM | Computer Name = poonam-PC | Source = Application Error | ID = 1000

Description = Faulting application InstallFlashPlayer.exe, version 11.0.1.152, time

stamp 0x4e7d1453, faulting module InstallFlashPlayer.exe, version 11.0.1.152, time

stamp 0x4e7d1453, exception code 0xc0000005, fault offset 0x000071ad, process id

0x2418, application start time 0x01cd0ddd6477a2e0.

Error - 29/03/2012 3:01:11 PM | Computer Name = poonam-PC | Source = WinMgmt | ID = 10

Description =

Error - 29/03/2012 3:15:59 PM | Computer Name = poonam-PC | Source = WinMgmt | ID = 10

Description =

Error - 29/03/2012 3:34:07 PM | Computer Name = poonam-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 01/05/2012 10:06:53 PM | Computer Name = poonam-PC | Source = DCOM | ID = 10005

Description =

Error - 01/05/2012 10:22:51 PM | Computer Name = poonam-PC | Source = HTTP | ID = 15016

Description =

Error - 01/05/2012 10:23:05 PM | Computer Name = poonam-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 01/05/2012 10:23:05 PM | Computer Name = poonam-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 01/05/2012 10:23:05 PM | Computer Name = poonam-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 01/05/2012 10:27:38 PM | Computer Name = poonam-PC | Source = PlugPlayManager | ID = 12

Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)

disappeared from the system without first being prepared for removal.

Error - 01/05/2012 10:27:38 PM | Computer Name = poonam-PC | Source = PlugPlayManager | ID = 12

Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)

disappeared from the system without first being prepared for removal.

Error - 01/05/2012 10:27:38 PM | Computer Name = poonam-PC | Source = PlugPlayManager | ID = 12

Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)

disappeared from the system without first being prepared for removal.

Error - 01/05/2012 10:27:38 PM | Computer Name = poonam-PC | Source = PlugPlayManager | ID = 12

Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)

disappeared from the system without first being prepared for removal.

Error - 02/05/2012 7:23:24 AM | Computer Name = poonam-PC | Source = Service Control Manager | ID = 7011

Description =

< End of report >

Elise · May 2, 2012

Hi again,

OTL FIX

------------

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the

textbox.

:otl
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)

:files
c:\windows\tasks\at*.job
netsh winsock reset

:commands
[emptytemp]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

Amar · May 2, 2012

Here is the OTL.txt